Emile Rivere

Reputation: 147

How to get memberof of a built-in group in Active Directory?

I was trying to get all the user accounts of a certain group. For that, I used the following filter:

BASEDN:  DC=example,DC=com
FILTER:  (&(memberof=CN=Myusers,DC=example,DC=com)(objectclass=user)(objectcategory=person))

which works fine. But I also wanted to get the users for built-in groups such as Domain Users, Domain Admins and so on. When I tried using the same type of filter

BASEDN:  DC=example,DC=com
FILTER:  (&(memberof=CN=Domain Users,CN=Users,DC=example,DC=com)(objectclass=user)(objectcategory=person))

for these built-in groups, it does not work. Why does this happen?

Upvotes: 0

Views: 1183

Answers (1)

jwilleke

Reputation: 10986

Most methods do not reveal membership in the "primary" group.

LDAPWIKI has some LDAP Query Examples for Microsoft Active Directory. For all users that have "Domain Users" designated as their "primary", search for all users whose primaryGroupID attribute is 513 (by default). The primaryGroupID attribute of the group "Domain Users" is the same integer, 513. The LDAP SearchFilter could be:

(primaryGroupID=513)

Upvotes: 1
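
Added example (not part of the answer above and not LDAPWIKI's code): a filter builder that combines the question's memberOf clause with the primaryGroupID clause, plus an offline check showing which accounts a memberOf-only audit would miss. The helper names, the Domain Admins DN, its default RID of 512 and the sample entries are assumptions constructed for illustration.

```python
# Added example. ENTRIES is constructed sample data, not output from a real directory.
DOMAIN_USERS = "CN=Domain Users,CN=Users,DC=example,DC=com"
DOMAIN_ADMINS = "CN=Domain Admins,CN=Users,DC=example,DC=com"  # assumed DN

ENTRIES = [
    {"sAMAccountName": "alice", "primaryGroupID": 513,
     "memberOf": ["CN=Myusers,DC=example,DC=com"]},
    {"sAMAccountName": "bob", "primaryGroupID": 513,
     "memberOf": [DOMAIN_ADMINS]},
    # Primary group switched to Domain Admins: no memberOf value points there.
    {"sAMAccountName": "svc-backup", "primaryGroupID": 512,
     "memberOf": [DOMAIN_USERS]},
]


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def group_members_filter(group_dn, group_rid):
    """Filter matching users in the group by memberOf OR by primary group."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(|(memberOf=%s)(primaryGroupID=%d)))"
            % (escape_filter_value(group_dn), int(group_rid)))


def effective_members(entries, group_dn, group_rid):
    """Apply the same logic offline; report which attribute matched."""
    wanted = group_dn.lower()
    hits = []
    for entry in entries:
        if any(dn.lower() == wanted for dn in entry.get("memberOf", [])):
            hits.append((entry["sAMAccountName"], "memberOf"))
        elif int(entry.get("primaryGroupID", 0)) == group_rid:
            hits.append((entry["sAMAccountName"], "primaryGroupID"))
    return hits


if __name__ == "__main__":
    for dn, rid in ((DOMAIN_USERS, 513), (DOMAIN_ADMINS, 512)):
        print(group_members_filter(dn, rid))
        for name, via in effective_members(ENTRIES, dn, rid):
            print("   %-12s matched via %s" % (name, via))
```

Accounts reported as matched via primaryGroupID are the ones the original memberOf-only filter returns nothing for, which matters most when reviewing privileged groups.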
